Last post May 01, 2018 09:29 AM by Sudhakar Ponnusamy
Apr 19, 2018 06:33 AM|Sudhakar Ponnusamy|LINK
I have a requirement that my ASP.net MVC application must work with only TLSv1.2 and above (future). If client makes a call with any version lower than TLS v1.2, connection should be refused. I have googled for solutions and it seems that there is no option
in the application level (EX: global.asax) but this can be done @ machine level by disabling protocols in the registry(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols). The problem what i'm foreseeing is that if custom
has other web application which needs to support TLSv1.1 or below then it will be a problem.
Apr 19, 2018 08:30 AM|PatriceSc|LINK
Generally speaking it's likely best to raise the bar at the same level for the whole server. Do you have identified this need for now?
Else try perhaps https://forums.iis.net/ to see if it could be done at a lower level. I don't think you have access to this at the application level.
Edit: according to https://serverfault.com/questions/771161/is-it-possible-to-force-tls-1-2-on-an-iis-site it doesn't seems possible and seems to offer
a possible solution. Make sure you really need TLS 1.1 support.
May 01, 2018 09:29 AM|Sudhakar Ponnusamy|LINK
Thanks for suggestion.
We have done at server level.